
As business applications migrate to Web 2.0, IP/port-based control is becoming far less effective. Next-generation firewalls (NGFWs) up the ante by identifying and inspecting application content, independent of port, to detect application-specific attacks and enforce more granular rules.

In this EnterpriseNetworkingPlanet buyer's guide, we examine the NGFW capabilities available to Check Point Software's firewall customers. As a firewall market leader, Check Point doesn't view NGFW as a new kind of firewall, but rather as new modular services – software blades – that can be added to existing firewalls like the Power-1.

"When we introduced our blade architecture in 2009, we took every security appliance and recreated it as a software blade," explained Juliette Sultan, Head of Global Marketing. "Customers now choose what they want to run on a Check Point firewall, like IPS or Application Control, by adding blades. Just go to your management console and click on a blade to activate it, leveraging topology and policies already in the system."

Blades as building blocks

Check Point's NGFW blades build upon this architecture. "Every blade works on every Check Point appliance, from our [entry level] UTM-1 to our largest Power-1. Blades can also run on open servers from IBM, Fujitsu, Dell, Crossbeam, etc.," said Sultan.

Check Point sells blades in bundles. For example, the SG103 is a small/branch office Security Gateway that can run firewall, VPN, IPS, Application Control, and Identity Awareness on a single-core platform for up to 50 users. The SG205i can run those blades on a dual-core platform for up to 500 users. The SG1207 adds Advanced Networking, Acceleration, and Clustering blades, ramping up to 8 cores for data center deployment.